Privacy concerns with ordering a pixel straight to my home address

ARealHumanPerson

Hi guys, Im sorta new to this community so apologies for the noob question, but anyways: I'll be buying a pixel soon to run graphene, and through my research into privacy it seemed like the best, most private option to actually obtain the phone was to find an in-person store and pay with cash, Then load GOS away from home on public wifi thru a vpn. Unfortunately, trying to find a decent price on the pixel i'm looking for in person is impossible. Nowhere around me is selling a pixel in person for a reasonable price. Now, they are selling them on their online stores (refurbs, open box, etc) for a price id actually be willing to pay. (like $300+ difference) The issue is, they're online only, and I cant pick them up in person, or pay with cash. I also don't have access to a p.o box, or friend who would let me just ship it to their house.

So, my question is, what are the privacy ramifications of having a pixel shipped to your house through a major retailer instead of picking it up in person? To be clear, I'm no snowden, and Im not in need of over the top opsec, But I would like to keep as much of my data and information as possible out of prying eyes. If there are potential workarounds or other more secure options then I'd love to know, thanks.

(also, i will be paying using a gift card payed with cash, if that helps.)

Lilac6044

ARealHumanPerson So the issue I am seeing is, if you can't find one in person, and there is no way for it to be delivered away from your home address, you don't have much of a choice. That being said, I think your threat model would need to be quite high to worry about very few people knowing you have a pixel device.

raccoondad

ARealHumanPerson I don't really think there is much of an online privacy loss by simply ordering the device online from Googles store. Yes its your address, but not much else is given, especially with a throw away google account.

I'm surprised your local tech store isn't selling pixels.

There is a certain point where 'privacy' becomes 'redundance' without much protection. Same idea with security (see hardware switches)

argante

ARealHumanPerson Even if you buy a Pixel from the Google Store, you pay for it with your card, and the package arrives at your address. The information you're giving Google is that you have this phone. If you buy the phone anonymously but activate it on your home network, Google will also know you have this phone. And that's it.

If you don't have a SIM card in the phone and your MAC address is always random plus AirPlane mode on, it's difficult to track you. The phone must leave some traces. So, Google might know you have this phone, but if you have GOS and don't install any fancy apps on it, you won't leave many traces and you'll use it anonymously.

On the other hand, if you buy the phone completely anonymously, pay with crypto, etc., and activate it securely, Google won't know you have this phone—that's all. However, if you insert a SIM card into the phone (or you don't have airplane mode turned on), they will know you have this phone. The manufacturer and model are encoded in the IMEI number. If your phone connects to the towers where you live at night and to the towers where you work during the day, this formation will indicate that it is a Pixel (from IMEI) and that the phone belongs to you.

I hope this clarifies things. @de0u also wrote it well.

Eirikr70

It all depends on whether you are Edward Snowden, Usama Bin Laden or the average Joe. What is your threat model?

ARealHumanPerson

Eirikr70 I don't have much of a threat model, I simply want to keep as much of my information as is reasonable for an average person private. I don't have reason to believe that I am being targeted for any reason, but for reference, lets just imagine that if i were to become targeted in the future, by LE, Hackers, angry family, Etc. That I would want a layer of privacy. Essentially, I don't want to rely on other people not targeting me to be secure. Hope that helps.

palantiratemyson

Eirikr70 Exactly, that's why bin Laden always used the cave neighbor's address to get his Pixel and dialysis equipment.

duckduckduck

I also don't have access to a p.o box, or friend who would let me just ship it to their house.

you can send it to my address and pick it up:
1600 Pennsylvania Ave NW, Washington, DC 20500, USA

de0u

ARealHumanPerson I don't have much of a threat model, I simply want to keep as much of my information as is reasonable for an average person private.

These days I think the average person has very little privacy, so it sounds as if you are seeking more-than-average privacy (like many people on this forum).

But that means you will need to choose how much privacy to pay for (because, whether in time or effort, it's not free).

If you order a Pixel in the straightforward fashion, the seller will associate your identity with the phone's serial number (and thus IMEI). But if you use a SIM card, probably your identity will be associated with the IMEI (and thus the serial number). So anonymous purchase does not by itself deliver anonymous usage.

If you purchase a device anonymously and use only public Wi-Fi, but use the device to post on Facebook, the device itself may not identify you, but your online behavior may well help train their advertising superconsciousness. It's not possible to take just one step (anonymous purchase) and do everything else like an "average person" and get huge privacy benefits. More privacy requires more behavioral change. Overall, you'll need to decide how far you want to go.

Meanwhile, purchasing through a regular retail seller might save you a fair amount of money if the device breaks while it's still under warranty.

ARealHumanPerson

raccoondad

I'm surprised your local tech store isn't selling pixels.

My local tech store IS selling pixels... but for something like $200+ markup for an already expensive device. Also they're all brand new. Im not looking to spend that kinda money right now lol

Ammako

raccoondad my experience with trying to buy a Pixel using a throwaway account is that the purchase gets flagged as potentially fraudulent and the order gets canceled. That's with accessing the website and both creating the account + making the purchase from my home IP as well; no VPN.

I think Google isn't going to readily accept brand new throwaway accounts adding a credit card and making several hundred dollars transactions with no prior history.

locked

ARealHumanPerson You want privacy cheap, that's hard to attain usually. Your local store would likely be good to buy from.

locked

Honestly, many people use Pixels, if you are in the states, and more are about to. Google is expanding their marketing and points of sales.

DeletedUser495

With what I have learned following this forum and other recommended sources for almost 3 years and considering that my threat model is dimishing mass surveillance, I don't mind if they know who I am and where I live as long as they don't get to see more. That way I can stay secure and reasonably private (by my standards). [And in all honesty, as much as it is recommended, I don't need Google Play to help me achieve it.]

BeepBeep

I'm no one important that someone would target specifically, but I try to anonymize, obfuscate and fragment my digital footprint as much as I can -- as a matter of principle.. I can't become invisible, but I can make my digital footprints commercially unusable.

I can't stop my cell company from gathering my IMEI, but that doesn't mean they have to know any other device identifiers. Meanwhile, most other apps need not know my IMEI, for example. However, if I buy a phone from Google online, the worst possible company will have the most possible device data to work with from the very start, and only bad things could come from that. The Bluetooth MAC (until randomization is supported) and NFC identifiers seem the most problematic, but there are many more knowledgeable people on here than me who may know better.

Maybe I'm not accomplishing anything for the effort, but I buy retail and pay cash, so the retailer won't have any of my personal information or device identifiers to sell and Google doesn't know who bought a particular piece of their hardware. From there, I try my best to keep it that way:

I mainly use privacy-respecting/open source apps/services, and wherever I can't I compartmentalize into isolated, inert user profiles with maximum app restrictions and anonymous logins so that it's just plain hard for any one bad actor to gain a very complete or persistent picture. To help with this, my VPN is always on, and periodically (or any time I do something personally identifying) I flush the caches, shut off that profile, or whatever and relog to a different time zone.

I can't be perfect, but I don't have to be. I just have to make my data commercially unviable. Maybe the incremental benefit of hiding who owns the phone hardware is minimal, but it's also not that hard for me to pay cash in person, so I pocket hardware anonymity as part of a layered defense.

de0u

BeepBeep However, if I buy a phone from Google online, the worst possible company will have the most possible device data to work with from the very start, and only bad things could come from that.

Different people may rate companies differently. Until recently major U.S. cellular carriers were selling real-time location data to companies who in theory were obtaining consent etc. but were actually selling the data on to shady actors. And personally I think the data-collection practices of some companies with names starting with H and X are pretty distasteful too.

Anonymous purchase and anonymous OEM unlock (and not installing Play) do allow one to impair tracking by Google in particular. But I think sometimes people "learn" from privacy-guide sources that those are important measures for everybody to take... which arguably they are not if the anonymous purchase and activation are followed by installing Play, Facebook, Instagram, Spotify, Netflix, WhatsApp, etc.

ttrp225

Call around to all the Best Buy stores in the area, make sure they have stock of the newest pixel model. Then go in-person and pay with cash. Make sure not to give your phone number or associate with their rewards program.

Church

You can use a resender and pay with monero. Or find a online store accepting XMR

de0u

Church You can use a resender and pay with monero. Or find a online store accepting XMR.

I think in some countries the result would be no "proof of purchase" and thus no warranty coverage. That may well be an acceptable risk for some people, but it might be an unwelcome shock for others.

longshots

I also share your concerns regarding the topics you have raised but I have mastered most of the problems you are concerned about. Therefore I feel I can help you by sharing an alias I use - welcome to the "Hugh Janus" club.